Organizations need the ability to manage various types of compliances across different policies and to overcome the lack of adherence to Regulations. Risk Central provides transparent, actionable regulatory compliance management process
Screens & data fields, workflow stages, review & approval cycles and reporting can be built to suit the unique Risk and Compliance Management practices of each organisation without coding effort. The risk team or the operational departments can be enabled to define this with minimal training.
- Ensures the quick Implementation of the system and processes
- Customizations can be done using Configurations without Coding
- Business Users can maintain and manage the application
- Real time changes enhance end user and business as usual usage
Standardised business user screen designs ensures that all the staff in the organisation have very few clicks and navigations to learn. The clean clutter free user interface makes complex applications like risk management more welcoming. These user considerations allows fast adoption and fosters sustainable usage from everyone.
- Risk management activities can be implemented organization wide
- Enables employees to be more forthcoming to report Risks
- Better data is available for accurate analysis and mitigations
- Enhances the Risk Culture across the organization
- Bring compliance teams, compliance owners and the management on the same platform.
- Get real-time updates and enterprise-level compliance statuses in a single window.
- View compliances along with its proof and list of non-compliances if any.
- Initiate transparency and confidence in certifying compliances at all levels.
Manage Risks at Strategic or Process Level
TOP DOWN RISK MANAGEMENT
Risk Central provides the framework for Top-Down risk management for Enterprise and Business risks. The application has 2 levels, the Enterprise and Business Levels, where risks related to Enterprise entities like Strategy, Operations, IT and Business entities like Product Lines, Business Lines can be defined.
Risks can be linked and a hierarchy can be created, and where necessary Bottom-Up risks too can be associated.
BOTTOM UP RISK MANAGEMENT
The Execution Level of the solution addresses the Bottom-Up approach for Departmental, Process, Product, and other risks. An unlimited parent-child risk hierarchy can be created at this level to deliver granular management of risk areas.
These risks can also be linked to Business or Enterprise level risks depending on the organizational needs.
Loss events and other Incidents can be reported across any line of defence.
Managers and Risk teams get early warning notifications and can track incidents to closure.
Insurance recoveries for losses can be updated as and when they occur.
Intuitive Dashboards allow you to analyse trends.
INTEGRATION WITH THIRD-PARTY SYSTEMS
Risk Central provides Rest APIs to collect Incident information from other systems.
Excel based templates support upload of Incident data.
Dashboards can be designed to provide integrated views for Risk Monitoring.
System allows to create recurring time-based compliances and monitor the status regularly. Automatically triggers compliances to the right users in the organization allowing them to update compliances as complied and upload proof.
Automatic compliance reminder and escalations keeps compliance owners updated on upcoming compliances increasing the overall compliance level of the organization.
Objective Library and Balanced Scorecard
Risk Central can be used to define the Strategic Objectives and supports Performance Management.
This module can be used as a simple library of Objectives and Key Performance Indicators. The module works as a comprehensive Balanced Scorecard as well for robust Performance Management. Specific or common Scorecards can be assigned to multiple Roles and Users enabling both individual and common goals to be achieved. Risks can be linked to Objectives and KPI’s can be associated to KRI’s using custom formulas to achieve the ‘Likelihood of Success’ / ‘Objective Centric Risk and Certainty’ management metrics.
Automated workflows and Initiatives management ensures that everything is actionable and measurable.
Entity and Risk Hierarchies
Risk Central allows to see all potential risks in one place, to prioritize those risks, assign ownership, and to respond to them.
The Entity Hierarchy allows for hierarchical structure of Business Units, Product Lines, Business Line, Business Services, Departments, Assets, Vendors and other elements to be defined across 3 levels – Enterprise, Business and Execution.
The Risk Hierarchy enables a parent-child taxonomy to be defined centrally and assigned to Roles and users across the 3 levels defined in the Entity Hierarchy. The Risks can be assigned to Business Units or even to satellite administrative units like BCM or HR to manage specific Risks across multiple Departments.
Risk Registers and Risk Control Self-Assessment (RCSA)
The Risk Registers enables Risk Assessments and Risk Treatments to be performed by authorised personnel.
Risk Central provides a comprehensive RCSA solution, that allows organizations to conduct regular risk-control reviews, with simplicity across a wide range of identified risks and evaluating associated controls and their effectiveness.
Questionnaires/Surveys can be used to collect some or all of the information required for an RCSA. The system can auto calculate residual risks based on various events and changes or exceptions happening in the underlying processes.
RCSA outputs are used for the development of risk action plans. Action plans might include improving the effectiveness of existing controls or introducing new controls to address issues.
Qualitative, Quantitative Scoring and Rollups
The application allows scoring of Risks using Qualitative or Quantitative values. The formulas to rollup the Risk values both across Risk Hierarchy and Entity Hierarchy can be defined.
The system automatically rolls-up the values based on the formulas.
The Controls framework within the application is designed to address the need where one set of controls being applicable to multiple Standards and Frameworks. Controls can be reused across External Standards and Frameworks like ISO, NIST, GDPR, HIPAA or others as well as internal policy frameworks.
Controls and Control Objectives can be defined and assessed once and used for compliance as well as Risk Management across the system. This dramatically reduces the effort to manage and monitor multiple controls across various entities.
Incident Management - Risk Events/ Loss Reporting
Risk Central has capabilities with consistent procedures for incident management i.e. incident or event recording, triaging, investigating, tracking, and closure. Incidents can be linked to organizations, processes, controls, risks, policies, and regulations to identify compliance or regulatory risk.
Events & Loss reporting workflow is business user configurable to adapt to unique organizational requirements. Automated alerts and notifications are triggered to relevant stakeholders when incidents are initiated.
Issue Management and Remediations
Issues and Remediations can be raised from various modules in the system. Multiple workflows each having their own data collection fields for different kind of Issues and Remediations can be defined. These can then be assigned to stakeholders for tracking and closures.
Remediation workflows can also be integrated with other IT systems like IT Patch Management or Network Management systems to deliver the complete lifecycle of issue resolution.
Deviations & Self-Attestations
Control Exceptions/Deviations with their severity can be tracked and managed within the application using a configurable workflow.
Users can provide self attestations periodically for having closed the deviations on controls, policies and process exceptions taken by them. This feature allows users to provide confirmation of compliance ensuring the organizations stay compliant with regulatory and policy requirements. Monitoring dashboards allow organizations to track these exceptions and deviations to closure.
Key Indicators (KIs)
The solution supports Key Risk Indicators (KRI’s), Key Control Indicators (KCI’s) and Key Performance Indicators (KPI’s). Both leading and lagging indicators along with thresholds and notifications can be set using the comprehensive Rules Engine. The schedules set on each indicator generates tasks automatically for stakeholders to input the indicator values during the manual type of metric collection.
IT systems within the organization can be integrated for all or a specific metric enabling automatic data collection without needing manual input and reporting. The solution can be integrated with Business IT systems like Core Banking, ERP, CRM and others as well as IT Infrastructure and Security Management systems.
This is a proprietary 360 degrees risk analysis feature that enables to understand the risk drivers and their impacts based on the interlinkages.
Impact analysis can be performed on various drivers of any element for primary and derived interconnectedness.
Configurable Workflows, Drag & Drop Forms
Risk Central Workflow management system automates multi step processes that exist between any combination of entities / stakeholders to achieve better business outcomes.
Screens & data fields, workflow stages, review & approval cycles and reporting can be built to suit the unique Risk and Compliance Management practices of the organisation without coding effort. The risk or the operational departments can design new workflows without needing IT help.
Heatmaps, Dashboards & Reports
The application provides canned Heat Maps as well as Reports and Dashboards for every module.
Adhoc Reports and Heatmaps can be designed by Business Users using the Dashboard Designer and the Heatmap Designer. These can then be assigned to users and roles within the system.
The intelligent Access Management feature delivers the right data within these reports to the right users based on the Role they are assigned in the system.
Compliance assurance is the process of ensuring that an organization is in compliance with all applicable laws, regulations, and standards. It is a continuous process that involves identifying, assessing, and managing compliance risks.
By implementing a comprehensive compliance assurance program, organizations can protect themselves from the risks of non-compliance and ensure that they are in compliance with all applicable laws, regulations, and standards.
The procedures involved in assurance of compliance vary depending on the specific laws, regulations, and standards that apply to the organization. However, some common procedures include:
- Establishing a compliance program: The organization should establish a compliance program that includes policies and procedures to help ensure compliance with all applicable laws, regulations, and standards.
- Training employees: The organization should train employees on the organization’s compliance program and the laws, regulations, and standards that apply to their work.
- Conducting audits: The organization should conduct audits to assess its compliance with the laws, regulations, and standards that apply to it.
- Correcting non-compliance: If any non-compliance is found, the organization should take steps to correct it.
- Monitoring compliance: The organization should monitor its compliance with the laws, regulations, and standards on an ongoing basis.
Here are some additional procedures that may be involved in the assurance of compliance:
- Reviewing and updating policies and procedures: The organization should periodically review and update its compliance program to ensure that it is still effective.
- Communicating with stakeholders: The organization should communicate its compliance program to its employees, customers, and other stakeholders.
- Responding to inquiries and complaints: The organization should respond to inquiries and complaints about its compliance with the laws, regulations, and standards that apply to it.
- Documenting compliance activities: The organization should document its compliance activities, such as training records, audit reports, and corrective action plans.